How to test Email Token


#1

Hi, I’m from Indonesia and I just installed privacyIDEA, and I succeeded in testing the HOTP token using the FreeOTP app.
Then I tried the Email Token. The SMTP server configuration is clearly set up and testing the recipient is successful, but I am still confused about how to trigger an email for testing purposes.


#2

Email tokens, like SMS tokens, simply suck! :)
They are challenge response tokens, i.e. you need to trigger the sending of the OTP value.
Usually the user enters his OTP PIN (password) in the first step. Then the SMS or Email is sent.

Search the online documentation for challenge response to get a deeper understanding or ask further questions:
http://privacyidea.readthedocs.io/en/latest/configuration/tokenconfig/email.html#email-otp-token

The thing is, challenge response is difficult to test if you have not understood how this works.

Also try to understand the validate endpoint, which is used to authenticate the user and to trigger the SMS/Email.

http://privacyidea.readthedocs.io/en/latest/modules/api/validate.html?highlight=transaction_id#post--validate-check

Send a POST request to validate/check.

If you are ok with all this, you can take a look at an alternative way to trigger challenges with a challenge admin:
http://privacyidea.readthedocs.io/en/latest/modules/api/validate.html?highlight=transaction_id#post--validate-triggerchallenge


#3

I have read the manual about sending the OTP value for the first step, but it is still not clear where I have to enter/send the OTP PIN password?


#4

You need to use this endpoint:

http://privacyidea.readthedocs.io/en/latest/modules/api/validate.html#post--validate-radiuscheck

Imagine you have an email token and set an OTP PIN for the token of “test”.
You assigned the token to the user “gurilem”.

First you need to call the API like this:

POST https://yourserver/validate/check
user=gurilem
pass=test

privacyIDEA will realize that this is the OTP PIN of the Email-Token of the user “gurilem”.
It will respond with a JSON response, which will contain a transaction_id.

The user will receive an email with an OTP code like “123987”

In a second request you would send

POST https://yourserver/validate/check
user=gurilem
transaction_id=<transaction_id_from_the_first_response>
pass=123987

Now privacyIDEA would respond with a successful auth response.

Of course, your application needs to implement this behaviour.
However, some plugins already did this, like the simpleSAMLphp and the ownCloud plugin and probably some others.

Hope that helps to clarify your understanding.

Where do you want to add 2fa with privacyIDEA? In which application?
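
The two-step exchange described in post #4, written out as a small client. This is an added example, not part of the original thread and not privacyIDEA's own code; the function names, the `fake_server` stand-in with its sample values, and reading the id from `detail.transaction_id` are assumptions.

```python
import json
import urllib.parse
import urllib.request


def post_form(url, fields):
    """POST fields in the request body (not the URL, which ends up in logs)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def trigger_challenge(base_url, user, pin, post=post_form):
    """Step 1: send the OTP PIN; return the transaction_id of the new challenge."""
    body = post(base_url + "/validate/check", {"user": user, "pass": pin})
    detail = body.get("detail") or {}
    tid = detail.get("transaction_id")  # assumed location of the id in the JSON
    if not tid:
        # PIN may be right but no challenge exists, e.g. the email was not sent.
        raise RuntimeError("no challenge: " + str(detail.get("message")))
    return tid


def answer_challenge(base_url, user, transaction_id, otp, post=post_form):
    """Step 2: send the mailed OTP with the transaction_id; True on success."""
    body = post(base_url + "/validate/check",
                {"user": user, "transaction_id": transaction_id, "pass": otp})
    result = body.get("result") or {}
    # status = request was processed, value = authentication succeeded.
    return result.get("status") is True and result.get("value") is True


def fake_server(url, fields):
    """Constructed stand-in for the server so the flow runs offline."""
    denied = {"status": True, "value": False}
    if fields.get("transaction_id") == "0123456789":
        return {"result": {"status": True, "value": fields["pass"] == "123987"}, "detail": {}}
    if fields["pass"] != "test":
        return {"result": denied, "detail": {"message": "wrong otp pin"}}
    if fields["user"] == "gurilem":
        return {"result": denied, "detail": {"transaction_id": "0123456789", "message": "Enter the OTP from the Email:"}}
    return {"result": denied, "detail": {"message": "The PIN was correct, but the EMail could not be sent", "multi_challenge": []}}


if __name__ == "__main__":
    tid = trigger_challenge("https://yourserver", "gurilem", "test", post=fake_server)
    print(answer_challenge("https://yourserver", "gurilem", tid, "123987", post=fake_server))
```

Against a real server, drop the `post=fake_server` argument so the requests go out through `post_form`.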


#5

Thx for the brief explanation, so it seems that I have to work with developers (JSON) to make this test.

I’m working as an IT advisor. I worked with Vasco, Feitian and Securemetric products when I joined a local bank here, so to add to my knowledge I am trying to explore privacyIDEA, which could give me an advantage in the future.


#6

Hi Cornelinux,

Using Postman I tried to POST https://192.168.123.158/validate/check?user=ihsan&pass=Semarang2018
And the result is

{
  "jsonrpc": "2.0",
  "signature": "28184480063868308063428746229985992147251058075760193319752518361375408670231157970565467469791671412781800500520034291396386709607322695508839382868700323117319978791446137809182196731537232415959953577342683287921531334902479120845158076807527702279121489044984373105744953276932189590381562765366683355203958710729167226791386377125034425389434923056856671433049705784688781056406265466200781073986167478578026857956812669751975852186393051855373616025285488373391905370102246360791408836151410495419296600417647349211151928444779499715180249071953133356425991587348333900049269621672580111734871374503504070264758",
  "detail": {
    "message": "The PIN was correct, but the EMail could not be sent: SMTPRecipientsRefused({u'': (555, '5.5.2 Syntax error. u6sm11372186pgo.1 - gsmtp')},)",
    "multi_challenge": [],
    "threadid": 140632821761792
  },
  "versionnumber": "2.22",
  "version": "privacyIDEA 2.22",
  "result": {
    "status": true,
    "value": false
  },
  "time": 1522913284.544812,
  "id": 1
}

FYI: The SMTP is in the correct setting; the test email was sent successfully.


#7

Look at your SMTP server log and you will know why.


#8

Finally, it works… I missed setting the email address on the user’s profile…

Thx